- bumped image version from 14 to 15 - removed dedicated migration task (now handled by upstream entrypoints) - renamed tasks for cleaner numbering: * 02_settings.yml → 01_settings.yml * 03_ldap.yml → 02_ldap.yml * 04_admin.yml → 03_admin.yml Ref: https://chatgpt.com/share/68d57770-2430-800f-ae53-e7eda6993a8d
# Load the variables defined in ldap.yml before the database tasks run.
# NOTE(review): presumably this is where OPENPROJECT_LDAP is defined - confirm.
- name: Load LDAP configuration variables
  ansible.builtin.include_vars:
    file: 'ldap.yml'
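# Look up the auth source by name and register the result as ldap_check,
# which the update and create tasks test in their `when` conditions.
- name: Check if LDAP source exists
  community.postgresql.postgresql_query:
    db: "{{ database_name }}"
    login_user: "{{ database_username }}"
    login_password: "{{ database_password }}"
    login_host: "127.0.0.1"
    login_port: "{{ database_port }}"
    # The name is bound as a query parameter rather than templated into the
    # SQL text, so a quote in the value cannot change the statement.
    query: "SELECT id FROM ldap_auth_sources WHERE name = %(name)s LIMIT 1;"
    named_args:
      name: "{{ OPENPROJECT_LDAP.name }}"
  register: ldap_check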
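# Update the row found by the existence check (runs only when ldap_check
# returned at least one row).
- name: Update existing LDAP auth source
  community.postgresql.postgresql_query:
    db: "{{ database_name }}"
    login_user: "{{ database_username }}"
    login_password: "{{ database_password }}"
    login_host: "127.0.0.1"
    login_port: "{{ database_port }}"
    # Every value is passed through named_args and bound by the driver.
    # Templating the values straight into the SQL text breaks the statement
    # (or changes its meaning) as soon as one of them contains a single
    # quote, e.g. in the bind password, the filter or the PEM certificate.
    # NOTE(review): port, tls_mode, onthefly_register and verify_peer were
    # unquoted in the SQL before; confirm the bound values still coerce to
    # the column types on the deployed schema.
    query: >
      UPDATE ldap_auth_sources SET
        host = %(host)s,
        port = %(port)s,
        account = %(account)s,
        account_password = %(account_password)s,
        base_dn = %(base_dn)s,
        attr_login = %(attr_login)s,
        attr_firstname = %(attr_firstname)s,
        attr_lastname = %(attr_lastname)s,
        attr_mail = %(attr_mail)s,
        onthefly_register = %(onthefly_register)s,
        attr_admin = %(attr_admin)s,
        updated_at = NOW(),
        tls_mode = %(tls_mode)s,
        filter_string = %(filter_string)s,
        verify_peer = %(verify_peer)s,
        tls_certificate_string = %(tls_certificate_string)s
      WHERE name = %(name)s;
    named_args:
      name: "{{ OPENPROJECT_LDAP.name }}"
      host: "{{ OPENPROJECT_LDAP.host }}"
      port: "{{ OPENPROJECT_LDAP.port }}"
      account: "{{ OPENPROJECT_LDAP.account }}"
      account_password: "{{ OPENPROJECT_LDAP.account_password }}"
      base_dn: "{{ OPENPROJECT_LDAP.base_dn }}"
      attr_login: "{{ OPENPROJECT_LDAP.attr_login }}"
      attr_firstname: "{{ OPENPROJECT_LDAP.attr_firstname }}"
      attr_lastname: "{{ OPENPROJECT_LDAP.attr_lastname }}"
      attr_mail: "{{ OPENPROJECT_LDAP.attr_mail }}"
      onthefly_register: "{{ OPENPROJECT_LDAP.onthefly_register }}"
      attr_admin: "{{ OPENPROJECT_LDAP.attr_admin }}"
      tls_mode: "{{ OPENPROJECT_LDAP.tls_mode }}"
      filter_string: "{{ OPENPROJECT_LDAP.filter_string }}"
      verify_peer: "{{ OPENPROJECT_LDAP.verify_peer }}"
      tls_certificate_string: "{{ OPENPROJECT_LDAP.tls_certificate_string }}"
  when: ldap_check.query_result | length > 0
  # The module arguments carry the LDAP bind password, so keep them out of
  # task output and logs. Lift this temporarily when debugging a failure.
  no_log: true
  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
  poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"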
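# Insert the auth source when the existence check returned no rows.
- name: Create new LDAP auth source
  community.postgresql.postgresql_query:
    db: "{{ database_name }}"
    login_user: "{{ database_username }}"
    login_password: "{{ database_password }}"
    login_host: "127.0.0.1"
    login_port: "{{ database_port }}"
    # Every value is passed through named_args and bound by the driver.
    # Templating the values straight into the SQL text breaks the statement
    # (or changes its meaning) as soon as one of them contains a single
    # quote, e.g. in the bind password, the filter or the PEM certificate.
    # NOTE(review): port, tls_mode, onthefly_register and verify_peer were
    # unquoted in the SQL before; confirm the bound values still coerce to
    # the column types on the deployed schema.
    query: >
      INSERT INTO ldap_auth_sources
        (name, host, port, account, account_password, base_dn, attr_login,
         attr_firstname, attr_lastname, attr_mail, onthefly_register, attr_admin,
         created_at, updated_at, tls_mode, filter_string, verify_peer, tls_certificate_string)
      VALUES (
        %(name)s,
        %(host)s,
        %(port)s,
        %(account)s,
        %(account_password)s,
        %(base_dn)s,
        %(attr_login)s,
        %(attr_firstname)s,
        %(attr_lastname)s,
        %(attr_mail)s,
        %(onthefly_register)s,
        %(attr_admin)s,
        NOW(),
        NOW(),
        %(tls_mode)s,
        %(filter_string)s,
        %(verify_peer)s,
        %(tls_certificate_string)s
      );
    named_args:
      name: "{{ OPENPROJECT_LDAP.name }}"
      host: "{{ OPENPROJECT_LDAP.host }}"
      port: "{{ OPENPROJECT_LDAP.port }}"
      account: "{{ OPENPROJECT_LDAP.account }}"
      account_password: "{{ OPENPROJECT_LDAP.account_password }}"
      base_dn: "{{ OPENPROJECT_LDAP.base_dn }}"
      attr_login: "{{ OPENPROJECT_LDAP.attr_login }}"
      attr_firstname: "{{ OPENPROJECT_LDAP.attr_firstname }}"
      attr_lastname: "{{ OPENPROJECT_LDAP.attr_lastname }}"
      attr_mail: "{{ OPENPROJECT_LDAP.attr_mail }}"
      onthefly_register: "{{ OPENPROJECT_LDAP.onthefly_register }}"
      attr_admin: "{{ OPENPROJECT_LDAP.attr_admin }}"
      tls_mode: "{{ OPENPROJECT_LDAP.tls_mode }}"
      filter_string: "{{ OPENPROJECT_LDAP.filter_string }}"
      verify_peer: "{{ OPENPROJECT_LDAP.verify_peer }}"
      tls_certificate_string: "{{ OPENPROJECT_LDAP.tls_certificate_string }}"
  when: ldap_check.query_result | length == 0
  # The module arguments carry the LDAP bind password, so keep them out of
  # task output and logs. Lift this temporarily when debugging a failure.
  no_log: true
  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
  poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"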